External platform extensions in a multi-tenant environment

ABSTRACT

Enforcing access control to individual extensions of services in a multi-tenant cloud environment by initializing objects for the extension based on public and private configuration files with service access rules that are merged is described. This allows third party vendors to specify payment rules for their own extensions while securely keeping the core extension configuration files. Tenants of the multi-tenant cloud environment can pick and choose which services to purchase, and the cloud environment automates the process of accessing the service using the third-party developer&#39;s tenant access list rules.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application claims the benefit of U.S. Provisional Application No.61/858,476, filed Jul. 25, 2013, which is hereby incorporated byreference in its entirety for all purposes.

This application is related to U.S. application Ser. No. 14/016,582,filed Sep. 3, 2013, which is hereby incorporated by reference in itsentirety for all purposes.

BACKGROUND

1. Field of the Art

Generally, the present application relates to data processing.Specifically, the application is related to self-metering third-partyservices provided in a cloud computing environment.

2. Discussion of the Related Art

Cloud computing is a model for enabling convenient, on-demand networkaccess to a shared pool of configurable computing resources. Theseresources can include network connections, server processing power,storage, applications, services, and other resources in demand.

Many terms in cloud computing have either sprouted anew or taken onadditional meaning as the concept of relying on an outside party with anoffsite computer to store and process one's data becomes acceptable andmore popular with businesses and the general public.

A “service” includes an autonomous unit of functionality in softwarerepresenting a single action. A service provides interaction via aprescribed input and output protocol. Services can be built from asoftware component or series of components; however, services generallycannot embed other services within them.

A “component” includes a modular part of a software system thatencapsulates its content and whose manifestation is replaceable withinits environment. A component can define its behavior in terms ofprovided and required interfaces. Multiple components can be combinedtogether to form aggregated portions of a system or other components.

A “tool” includes a grouping of components with a user-facing mechanismto perform a task.

A “package” includes a logical grouping of software elements to providea namespace for the grouped elements. A package may contain otherpackages, thus providing for a hierarchical organization of packages.Packages typically contain elements from a single layer of anarchitecture.

A “sub-system” includes a grouping of elements to provide a physicalimplementation structure. A sub-system may contain other sub-systems. Asub-system is typically a manifestation of a package or packagesassociated with a physical system.

A “multi-tenant environment” includes a computing environment in which asingle instance of a software application or software services runs on aserver that concurrently executes for multiple client organizations(i.e., tenants). Such an environment keeps each client organization'svariables separate, even when processing time and memory space areshared.

Multi-tenant cloud computing environments are typically set up by wellcapitalized companies with many resources. Among those resources aremany software developers, network administrators, etc. who maintain andupdate the software services and applications that run on the cloudnetwork. Complex, polished software suitable for mass use by customersof the cloud computing environment is the product of many internalemployees' research, time, and labor.

More sophisticated cloud computing environments allow third-partydevelopers to create plug-ins or other services for the applicationsrunning on the cloud network. Third-party developers are typically hiredby the cloud computing companies to provide and update the third-partyservices, which are in turn used by tenant customers of the cloudservice. The cloud service charges customers for the use of the service,centralizing control over who can and cannot access each service. Thethird-party developers and customers of the cloud network areessentially isolated from one another.

There is a need in the art for better, more efficient, and customizablecloud computing services that are scalable for large enterprises.

BRIEF SUMMARY

Generally, what is described is a multi-tenant cloud application thatincludes services developed by third party developers that tend theirown access lists for their services. The tenant access lists andpayments are arranged by the third party developers so that developerscan charge for services in a finer manner than the all-or-nothing, cloudmanaged services of the prior art. Access can be automated throughtenant access list rules that are submitted directly by the third-partydevelopers to the cloud environment as part of a software package.

Once a software package is uploaded, the cloud's application server isrestarted with a config file that has been merged with a delta file (ofa ‘blank’ config file) populated by a third party developer for itsadd-in or service. The merging safely adds the third-party developer'sconfigs to the master configuration file so that the software servicecan execute on the cloud, without having to expose parts of the configfile that are internal to the cloud services provider. The merged configfile ensures that the third-party's services are loaded in the serverfor everyone; however, the third-party developer's tenant access listrules block those who are not subscribers from accessing the services.

The config file can be an extensible markup language (XML) filecompliant with an XML schema defined in an XSD file. The XSD schema filecan specify or otherwise define elements, child elements, and attributesof the elements.

Given a ‘blank’ version of an XML configuration file from the cloudservice provider, that is, a version of the XML configuration file withno configs or child elements in it, a third party developer or otherprogrammer can populate the XML config file with elements concerning hisor her third party extension. The third party developer's XMLconfiguration file is treated as a delta file, showing ‘changes’ by thethird party developer to the config file.

The third-party developer can place the delta file in a MAR (metadataarchive) with JAR (Java archive) files for the third party extension andincluded in an Oracle metadata services (MDS) customization file. TheMDS customization file is then sent back to the cloud service providerand put in a shared library of class files. This shared library is thesame library that the cloud provider uses for its own files. A baseconfig file is merged with the layered customization MAR fileautomatically by MDS.

Upon a restart of the cloud server, the various configuration files inthe shared library—including the delta file—are automatically mergedtogether in a unified configuration file. The unified configuration filemay be assembled in memory only and not saved separately to disk orother non-volatile memory. The unified configuration file, with theconfigs from the third-party developer, is then read to instantiateobjects. The objects are instantiated from classes in the shared libraryof files, including those delivered by the third party developer in theMAR file. The instantiated objects make up the new, executable cloudapplication.

The third-party developer's tenant access list can also be extractedfrom the MAR file and automatically implemented for user access toparticular services.

Yet other embodiments relate to systems and machine-readable tangiblestorage media that employ or store instructions for the methodsdescribed above.

This summary is not intended to identify key or essential features ofthe claimed subject matter, nor is it intended to be used in isolationto determine the scope of the claimed subject matter. The subject mattershould be understood by reference to appropriate portions of the entirespecification of this patent, any or all drawings and each claim.

BRIEF DESCRIPTION OF THE DRAWINGS

Illustrative embodiments of the present invention are described indetail below with reference to the following drawing figures:

FIG. 1 illustrates logical layers of a cloud-based Software as a Service(SaaS) platform in accordance with an embodiment.

FIG. 2 illustrates logical layers of an instance of a cloud-based SaaSplatform in accordance with an embodiment.

FIG. 3 illustrates physical layers of a cloud-based SaaS platform inaccordance with an embodiment.

FIG. 4 illustrates the passing of configuration files in accordance withan embodiment.

FIG. 5 shows a merged XML config file in accordance with an embodiment.

FIG. 6 illustrates a third-party developer and end user relationship inaccordance with an embodiment.

FIG. 7 illustrates unifying a set of objects from internal and externaldevelopers in accordance with an embodiment.

FIG. 8 illustrates a cloud server providing combined software frommultiple developers in accordance with an embodiment.

FIG. 9 illustrates a purchase of a service in accordance with anembodiment.

FIG. 10 is a flowchart of a process in accordance with an embodiment.

FIG. 11 is a flowchart of a process in accordance with an embodiment.

FIG. 12 depicts a simplified diagram of a distributed system forimplementing one of the embodiments.

FIG. 13 is a simplified block diagram of components of a systemenvironment by which services provided by the components of anembodiment system may be offered as cloud services, in accordance withan embodiment of the present disclosure.

FIG. 14 illustrates an exemplary computer system, in which variousembodiments of the present invention may be implemented.

DETAILED DESCRIPTION

In the following description, for the purposes of explanation, specificdetails are set forth in order to provide a thorough understanding ofembodiments of the invention. However, it will be apparent that variousembodiments may be practiced without these specific details. The figuresand description are not intended to be restrictive.

Overview

An exemplary embodiment is a completely upgraded version of the afinancial management suite of products built using the standard Oracletechnology stack for enterprise performance management (EPM)applications. It is an enterprise-level application suite forbusinesses. Initial versions may release on a cloud based system only,but other versions may release on local networks at customer sites.

The exemplary embodiment can be an extensible application developmentplatform for the production of a number of financial applications. Thefinancial applications themselves can be produced in a phased roll-outschedule with phase one concentrating on financial close, financialplanning and tax. One guiding principle for the design and production ofthese applications is that they will be declarative and metadata driven.

The exemplary embodiment is designed in compliance with a targetarchitecture. The target architecture defines three distinctarchitectural sections: Core Fusion Middleware (FMW), Platform Layers,and Application Layers. The exemplary embodiment can use the samearchitectural sectioning leveraging as much of the Core FMW section. Itcan build a Platform Layer section for common functionality and thenallow applications to build on top of the Platform in the ApplicationLayers sections.

Architectural layering is provided to enforce a dependency graph betweenlayers in the system. A layer can “reach” down the entire layerhierarchy of the dependency graph to directly use and embed any lowerlayer's artifacts. The dependency is typically directed with no circulardependencies allowed. Conversely, a layer generally cannot reach back upthe heirarchy.

The architectural layers provide natural implementation, production, anddelivery boundaries facilitating parallel development. Architecturallayering provides loose coupling defined by published interfaces. Thisallows clear ownership and responsibility of sub-systems andsub-packages.

An architectural layer groups like aspects of the system together. A“layer” defines an encapsulated set of software artifacts that interactwithin the layer to provide desired functionality. These artifacts arethen available to layers higher in the architectural stack via publishedinterfaces

FIG. 1 depicts functional architecture 100 of an embodiment. At the toplayer, applications are within Blake Applications layer 102. In the nextlayer down, Blake Application UI Components Layer 104, there arecontained application user interface (UI) components for modular coarsegrained reusable functionality, encapsulating best practices andmodularity, for planned maximized reuse and minimized redundancy. In thenext layer, Blake Application Components and Services Layer 106, non-UIapplication components for modular coarse grained reusablefunctionality, encapsulating best practices for maximized reuse andminimized redundancy, are located. Application services for externalaccess are located here. Note that UI and non-UI services are inseparate layers. In the next layer, Blake Applications Domain ModelsLayer 108, application domain metadata models are located. Theseservices are for shared access of application resources or externalaccess.

In the fifth layer down of the figure, Blake Platform Tools Layer 110,shared tools are built per a business task definition. In the next layerdown, Blake Platform UI Components Layer 112, user interface componentsfor modular coarse grained reusable functionality are stored. They aredesigned to encapsulate best practices and modularity for maximizedreuse and minimized redundancy of UI based artifacts. In the next layer,Blake Platform Components and Services Layer 114, non-UI components formodular coarse grained reusable functionality are located. Theyencapsulate best practices and modularity for maximized reuse andminimized redundancy of non-UI based artifacts. Services for externalaccess of platform components are located here. In the next layer, BlakeMetadata Models (a.k.a., Blake Semantic Model Layer 116), metadatamodels are built for declarative definitions. A single unified semanticmodel encompasses business intelligence (BI), enterprise performancemanagement (EPM), predictive analytics, etc.

In the bottom layer, Core Fusion Middleware (FMW) layer 118, technologyand components used for the production of the upper stack, e.g. OracleApplication Development Framework (ADF), Web Center, Art TechnologyGroup (ATG) Lite, etc., are located.

UI and non-UI services are kept separate by design, using features ofOracle JDeveloper (“JDev”). During development, the code artifactsdeployed within an EAR (enterprise archive) file are separated into twoJDev workspaces. The first is the “core” workspace, which is fordevelopment of non-UI based Java code and the data control providerswhich will expose those systems to the UI binding layer. The second isfor the UI components themselves, which will consume the data controlproviders developed in the core workspace.

A technical advantage to staging the workspaces this way allows adeveloper to restrict the data control providers to load into the JDevintegrated development environment (IDE) for the Web workspace anddisallow them to load into the JDev IDE for the core workspace. It isoften necessary to develop data control providers in a separateenvironment from the one where they are loaded. Developing and loadingthem in the same environment could cause JDev to not start due to a bugin the data control provider. Separation allows for debugging a UIproject even if there is an initialization issue with the provider.

FIG. 2 illustrates an instance 200 of the exemplary embodiment. The toptwo layers, Blake Applications Layer 202 and Blake Applications UIComponents Layer 204, are standard in this embodiment. In the thirdlayer, Blake Application Components and Services Layer 206,consolidation 220, elimination 222, and budgeting 224 services arelocated. In the fourth layer, Blake Application Domain Models Layer 208,EPM application models 226 and seeded content 228 are located.

In the fifth layer of the figure, Blake Platform Tools Layer 210,reports and analysis 230, common dimension maintenance 232, and Blakeadministrator 234 services are located. In the sixth layer, BlakePlatform UI Components Layer 212, EPM grid 236, EPM chart 238, and POV(point of view)/member selector tool 240 services are located. In theseventh layer, Blake Platform Components and Services Layer 214, thefollowing services are located: validation 242, messaging 244, querygenerator 246, query execution 248, office integration 250, sandboxing252, on-screen calculations 254, task flows 256, persistence 258, anddata controls 260. In the eighth layer, Blake Semantic Model Layer 216,dimension 262, metric 264, key performance indicator (KPI) 266, and cube268 extensions are located.

The bottom layer, Core FMW 218, is not discussed in this instance.

In order to achieve the target architecture, the exemplary embodiment ismodularized into a set of functional areas called sub-systems, whichbreak the exemplary embodiment up into manageable pieces that can beidentified, designed, de-risked, and produced.

These sub-systems define a public set of APIs (application programminginterfaces) for access to and manipulation of their internalfunctionality. The exemplary embodiment platform can provide coretechnology to be used in the re-design and implementation of manyexisting financial suite products. In order to build a platform thatwill encompass not only the existing functionality but allow for thedevelopment of new and innovative features, the exemplary embodimentplatform can provide an extension mechanism built in at the core of thesystem. There a number of requirements and design goals that benefitfrom this aspect.

One sub-system design goal of the platform is to encapsulate allinternals of the sub-systems. The sub-system design enforces that allaccess come thru public and defined interfaces. A technical advantage ofthis design is that it encourages and in many ways enforces that thesub-systems are decoupled from each other. This design further mandatesthat communication between specific sub-systems is done thru publicinterfaces and registered call-backs to specific types of functionality.

The sub-systems that communicate with other sub-systems viaconfiguration and call back delegation can be developed independently.It is preferred to maintain the isolation and keep all configurationinformation local to the participating sub-system. That is, developerspreferably should not be able to change sub-systems that they do notdirectly own.

The platform should evolve as features become available. This means thatthe platform itself should be cognizant of what features are currentlyavailable and what it can and cannot show to an end-user.

Based on schedules and priority there may be features required byconsumers of the platform that many not be provided by an internaldeveloper. As such, it would be prudent to allow features to be added tothe platform by other teams or partner companies.

The extension mechanism can be built into the core of the system. Theplatform itself can use this extension mechanism to register featuresfor extensible sub-systems. One goal of this paradigm is if the platformuses its own extension mechanism, external use will come at little or nodevelopment cost.

Application “extensions,” or “add-ins,” provide a way to extend theplatform without changing platform source or rebuilding the platformfiles or other extensions. Extensions can provide the same structure asthe platform and follow the same rules to generate a shared library thatcontains the UI and code for the extension. Extensions will provide aMAR file with the registration information needed to allow the platformto show the extension as an integrated component. Extension sharedlibraries will be deployed along with the platform shared library.

The overall design of the system can be a cooperating set of looselycoupled sub-systems. The sub-systems will be wired together orcommunicate via publicly defined interfaces. There may be one exceptionto this paradigm at the very core of an embodiment; namely the metadatadefinitions. There can be a number of sub-systems or portions ofsub-systems that will define metadata definitions which can be usedthroughout the system. These definitions are the exposed surface of thesub-systems in which they are designed. These definitions may beintended to be used directly by dependent sub-systems to achieve thedeclarative nature of the embodiment.

The sub-systems functionality will be encapsulated and exposed viastandard input and output specifications. The sub-systems, however,should still be factored in terms of the “Target Architecture.” In orderto achieve this, the sub-systems can be broken down into packagespecifications. It is important to note that the sub-systems as definedcan cut across the various layers of the “Target Architecture;”packages, however, typically may not. As part of the design aspect ofthe system, each sub-system will provide an overall design as well as apackage breakdown which will then be placed into the targetarchitecture. The sub-system breakdown is targeted to keep functionalboundaries clean; the subsequent package breakdown is targeted to keepthe delivery architecturally sound.

FIG. 3 illustrates the physical architecture of system 300, an exemplaryembodiment. An extranet desktop client 370, running Microsoft Office,Oracle Hyperion Smart View, and a Web browser may connect to the system300 using the hypertext transfer protocol-secure (HTTPS) or secure filetransfer protocol (SFTP) through the Internet 374 to a reverse proxyserver 378. The reverse proxy server 378 connects through a firewall 376to load balancer hardware 384 that uses compression and a secure socketlayer (SSL). An extranet mobile client 372 may run a native applicationand browser with HTTPS or SFTP through the same means. Alternatively orin addition, an intranet Web client 382 may run a browser with HTTPS orSFTP through a company intranet 380, connecting to dedicated loadbalancer hardware 384 that uses compression and a secure socket layer.

Behind a cloud enterprise firewall, the load balancer hardware 384connects with a pod 385. A pod is a logical grouping of one or morevirtual machines, such as an Oracle Virtual Machine (OVM). Pod 385 has afixed pod size and a fixed number of virtual machines, managed, anddeployed servers.

The pod 385 includes OVMs running a platform application, which connectsto Oracle Public Cloud (OPC) services, including Oracle Social Network(OSN) 394, Oracle Notification Service (ONS) 395, and a document servicethrough Oracle WebCenter 396. OVM 386 runs Oracle metadata services(MDS), enterprise scheduler service (ESS), Web Content, Essbase Java API(JAPI), and Oracle platform security services (OPSS). OVM 388 runsOracle WebCenter for content, and OVM 390 runs an Oracleservice-oriented architecture (SOA) business process execution language(BPEL) engine. OVM 392 runs Jagent and OPSS with Essbase.

MDS, the SOA BPEL engine, and Jagent connect with Oracle text (search),WebCenter, Essbase (JAgent repository), ESS, ONS, SOA, ATO/ApplCore,MDS, and WC Content in module 397. The OPSSes connect with sharedidentify manager (IDM) 398, including a security store andidentification store.

The exemplary embodiment is built for multi-tenancy, with pods beingprovisioned based on the size of a customer and pod availability. Agiven pod can contain tenants all of the same size. The pod size and itsresources can remain constant, and the number of tenants a pod canservice can change based on its category. New pods can be spawned andassigned as the need grows and as tenant service level agreement (SLA)requirements dictate.

Products can be deployed into the platform using shared libraries andOracle Fusion middleware repository creation utility (RCU) scripts.Shared libraries can contain:

1. Java class files and libraries for the product;2. Web UI developed for the product;3. Registration metadata for MDS for registration of productactions/views; and4. Predefined content for MDS, which may include Apps, Models, Reports,Grids, etc.

A shared library's files nominally include:

1. JAR files for data control providers and back end code;2. a WAR (Web application archive) file, including JSPX and task flows;and3. MAR (metadata archive) files, including product files and platformregistration.

An RCU script for setting up the database can be run against thedatabase.

Config Files

Several aspects of the exemplary system allow a product to modify thebehavior of the platform. One aspect is a collection of definedextensible markup language (XML) files deployed with the product intoOracle metadata services (MDS) in Fusion middleware. A second aspect iscustomized XML created using JDev customization and deployed with theproduct into MDS. The XML configuration files (a.k.a. “config files”)can be modified by developers, either within or outside of the cloudprovider, for their add-ins. The config files, if passed back to theBlake platform correctly, will be re-read upon a restart, and the systemwill automatically configure itself to use the new add-ins using the newconfig files.

One aspect of extensibility design is to leverage MDS layeredcustomizations of an XML file defined by an XML schema. A sub-systemthat requires the registration of extensions to its core functionalitywill define the extension points using an XML schema to declare thestructure of its configuration and two initial configuration files—onefor internal platform developments and one for external platformdevelopers. The actual modification and packaging of the extendedinformation can be done using Oracle JDeveloper Extensions and ADFLibrary Jars for modification and MAR deployments for packaging. Ofcourse, this is not limited to Oracle's cloud system but can bepracticed by any cloud SaaS provider.

FIG. 4 illustrates the passing of configuration files in accordance withan embodiment. In the figure, which shows process 400, time increaseswhen moving to the right. Config file 402 is produced by a cloud SaaSprovider. Config file 402 conforms to XML schema 401 and includes configdata for internal (i.e., internal to the cloud SaaS provider) sub-systemextensions. In step 403, an ‘empty’ copy of the config file 402 iscreated to produce config file 404. Empty config file 404 is notactually empty; rather, it contains no configuration entries based onXML schema 401. It merely contains headers and the like with no childelements. Empty config file 404 is provided to a 3rd party extensiondeveloper for editing, outside the cloud services provider. It can besaid that config file 404 is transferred across a cloud servicesprovider firewall to an computer environment not protected by thefirewall.

In step 405, the 3rd party extension developer modifies empty configfile 404 to create config file 406. Because the 3rd party extensiondeveloper would not normally delete any of the headers or related tagsfrom empty config file 404, it can be said that the 3rd party extensiondeveloper adds to empty config file 404 in order to create config file406.

In step 407, delta file 408 is created from the 3rd party extensiondeveloper's changes memorialized by config file 406. Delta file 408contains only changes from empty config file 404 to config file 406. Thedelta file is included in a MAR file, which is placed in an MDScustomization file. The delta file can be created automatically, withoutdirect human intervention.

Delta file 408 can be created by tracking a user's edits to the copy ofthe file. It can also be created by comparison between the starting andending documents. For example, document 406 can be compared withdocument 404 using a diff utility.

In step 409, delta file 408, within an MDS customization file, is parsedand automatically inserted or otherwise reconciled into config file 402to create config file 410, a unified configuration file. Unified configfile 410 can include delta file 408 as well as various other delta filesfrom other 3rd party extension and internal developers for theirextensions and add-ins. In some embodiments, unified config file 410 mayexist in volatile memory only and not on disk or other nonvolatilememory. In other embodiments, unified config file 410 can be saved asits own file in a file system.

In step 411, a restart of the system initiates a re-reading of theunified config file 410, such that the proper objects are instantiatedfrom classes in shared libraries. These shared libraries include unifiedconfig file 410, which configures the system for the proper objects tobe loaded.

If there is an error reading the configuration from delta file 408 inunified config file 410, the system 400 passes over it and continuesreading other configurations from the file. In this way, one developerwith faulty code does not corrupt the entire system. Instead, thedeveloper's extension is simply not available at run time.

FIG. 5 shows a merged config file in accordance with an embodiment.Internal config file 402 has been merged with delta file 408 to createunified config file 510. At the top are the XML version and encoding,followed by the providers tags with the specified namespace and XMLschema. The internal configurations are included first, and then thethird party sub-system configuration, in the contents from delta file408, is included. The merging is performed behind the firewall of thecloud service provider, thereby ensuring secrecy of the internalconfigurations. That is, the internal configuration never has to betransferred external to the cloud service provider's firewall.

Although the internal configurations come first in the exemplaryembodiment, other orders of configurations are envisioned.

In some embodiments, an internal and external XML configuration filewill be packaged in two separate ADF Library Jars, which will allow thefiles to be customized in JDeveloper Studio. The internal file will beprovided to Blake platform developers to be included into their specificsub-system projects. Once there, a Blake platform developer can createthe customizations to this file in JDeveloper customizer role. Thecustomizations will be packaged by the project or sub-system in itsshared library as a MAR file.

The external file will be provided to external platform developers to beincluded in their projects. They can customize this file in the same wayinternal developers will customize the internal file. The provider ofthe sub-system and customization files will read these two files andmerge the results to form the global set of configurations.

FIG. 6 illustrates a third-party developer and end user relationship inaccordance with an embodiment. In system 600, cloud server 601 containsshared library 602 of dynamic library executables, comprising a cloudapplication.

Third-party developer 605 prepares his or her own extension to work withthe cloud application, essentially creating class definitions 604 forhis or her service. Third-party developer 605 also preparesconfigurations for the service and class definitions 604. Thoseconfigurations are deposited in configuration delta file 608.Configuration delta file 608 and class definitions 604 are dropped intoMAR file 603 and then delivered to cloud server 601.

Once config delta file 608 is merged with the internal configurationfile for the cloud provider's application, it is treated like any otherconfiguration. Cloud server 601 reads the updated configuration file andinstantiates objects from class definitions 604 based on the updatedconfiguration file. The instantiated objects are available as servicesin application 606 for end user 607 to use.

Class definitions and configurations that are developed internal to thecloud service provider and those that are developed external bythird-party developers to the cloud service provider can be handledrelatively equally by middleware that implements functions of theenterprise software.

FIG. 7 illustrates unifying a set of objects from internal and externaldevelopers in accordance with an embodiment. In process 700, timeincreases when moving to the right and all steps occur inside the cloudservers except for preparing external delta configuration file 708. Allconfiguration files are compatible with XML schema 701.

Internal delta configuration file 703 is provided by internal developersfor core services in a MAR file. Internal base configuration file 702and internal delta configuration file 703 are then merged using MDS instep 719 into first config file 720. It is read and then used toinstantiate objects in step 721. Objects 723 for the internal baseservices and internal adjunct services are then instantiated, ready foruse.

External delta configuration file 704 is provided to third-partydevelopers for editing to make external delta configuration file 708.External base configuration file 704, which may be empty, and externaldelta configuration file 708 are then merged using MDS in step 709 intosecond config file 710. It is read and then used to instantiate objectsfor the externally developed services in step 711. Objects 713 for thethird party services are then instantiated, ready for use. Note thatbecause there were no external base configurations, no external baseobjects are instantiated.

In step 714, internal and external objects 723 and 713 are unified intoa common set of objects 715. While referred to as ‘internal’ and‘external’ objects, all of the objects are created on the cloud server.The ‘internal’ and ‘external’ designations merely describe whether theywere from internal or external developers. After the set of objects areunified, unified set of objects 715 is available as a softwareapplication and services on the cloud computing network.

FIG. 8 illustrates a cloud server providing combined software frommultiple developers in accordance with an embodiment. In system 800,internal and external developers create services for a cloud applicationthat runs on a server for end users 822.

Internal developer 801 writes base configuration file 807 and internalclass definitions 808 and packages them in MAR file 806. MAR file 806 isthen transferred to cloud server 805.

Likewise, internal developer 802 writes configurations and classdefinitions 811 and packages them in MAR file 809. However, the baseconfiguration file that internal developer 802 began with is empty, orcontains only limited other configurations. Configuration delta file 810is a delta file from that base configuration file, containing onlyadditions to the file. MAR file 809 is then provided to cloud server 805to be used with core services 806. All authenticated, subscribed usersfor the particular services of the cloud SaaS application can use theservices provided in MAR files 806 and 809 as determined by the cloudservice provider.

Third-party developers 803 and 804 write configurations and classdefinitions for their third-party services 812 and 816, respectively.For third party service 812, configuration delta file 813, classdefinitions 814, and tenant access list rules 815 are provided in a MARfile from third-party developer 803. For third party service 816,configuration file 817, class definitions 818, and tenant access listrules 819 are provided in a MAR file from third party developer 804.

Cloud server 805 combines internal base configuration file 807, internalconfiguration delta file 810, third-party service 812 configurationdelta file 813, and third-party service 816 configuration delta file 817in unified configuration file 820. Effectively, the internal andexternal configuration files are treated the same. One technicaladvantage of this is that multiple configuration file readers andadaptors do not need to be devised or implemented. Testing of the systemfor an internal developer may be sufficient for external developers.

Cloud server 805 uses unified configuration file 820 to read relatedclass definitions 808, 811, 814, and 818 and instantiate objects 821.These objects, collectively a computer program, can be used by users822. Some of the objects are for the third-party developer's services,which are transparently intermingled with the base services.

Tenant access list rules 815 and 819 are implemented by cloud server 805to grant or block access to the third-party developer's services tocertain users. For example, users who have subscribed to services ofthird-party developer 803 through a web site on cloud server 805 may begranted access if the number of seats for utilizing the service are notalready filled up by the tenant user. This may come from incrementing acounter each time an employee of a tenant logs in. The counterdecrements when the employee logs out. A tenant access list rule mayspecify that users who have entered a particular password have access toa premium service. As another example, mobile users may be afforded theuse of different third-party services than those users using generalpurpose computers based upon flags in their browsers.

A tenant access list rule may simply charge an account on file for aparticular tenant or otherwise automatically transfer money betweenaccounts each time a service is accessed by one of its employees.

FIG. 9 illustrates a purchase of a service in accordance with anembodiment. In process 900, a new feature (in a service) has beenprovided to a cloud SaaS provider by a developer. The successful mergingof the configuration file and instantiation of service objects triggersa message to go out to users.

The message may be in the form of an email, instant message, onlinepost, short message service (SMS) text message, or multimedia messagingservice (MMS) message, or otherwise as known in the art. The message maygo out in response to a new service or an upgrade to an existingservice. For example, a subscriber to a third-party developer's servicemay opt for upgrade notices to be sent by the cloud server to his or herwork email. The subscriber can then decide to use the service if he orshe is interested.

Message 901 indicates that a new feature of a service has been added tothe cloud network by a third party developer. Active element 902, abutton, is presented to the user for purchasing. After entry of data topurchase the advertised service and checkout, money is transferred instep 903 from the user to the third-party developer. The cloud providermay take a percentage or other amount for facilitating the arrangement.

Tenant access list rule 904 is updated to reflect that tenant 906 haspaid for the service, and the service is provided to user 906 in anapplication shown in screenshot 905.

FIG. 10 is a flowchart of a process in accordance with an embodiment.Process 1000 can be implemented wholly or partly in one or morecomputing devices. In operation 1001, a copy of a config file that iscompatible with a file schema is delivered to a third-party developer,the file schema defining an element, child element, and attribute. Inoperation 1002, an archive file including a delta file created from thethird-party developer editing the copy of the config file is receivedfrom the third-party developer. The delta file includes one or moreconfigurations for class definitions for a feature of a service on amulti-tenant cloud environment, the delta file including a tenant accesslist rule for the feature, the delta file being compatible with the fileschema. In operation 1003, the delta file is merged, in a multi-tenantcloud environment using at least one processor operatively coupled witha memory, with the config file to create an executable code config filehaving the service feature and tenant access list rule, the executablecode config file being compatible with the file schema. In operation1004, objects are instantiated for the service feature based on theexecutable code config file. In operation 1005, access is granted to theservice feature for a tenant in accordance with the tenant access listrule in the executable code config file.

FIG. 11 is a flowchart of a process in accordance with an embodiment.Process 1100 can be implemented wholly or partly in one or morecomputing devices. In operation 1101, a copy of a config file isreceived, the config file being compatible with an extensible markuplanguage (XML) file schema that defines an element, child element, andattribute. In operation 1102, the copy of the config file is edited toadd configurations for class definitions for a feature of a service in amulti-tenant cloud environment. In operation 1103, the copy of theconfig file is edited to list one or more tenant rules authorizingaccess to the service. In operation 1104, the edited copy of the configfile is packaged in a metadata archive (MAR) file. In operation 1105,the MAR file is delivered to the multi-tenant cloud environment. Inoperation 1106, the multi-tenant cloud environment is triggered, usingat least one processor operatively coupled with a memory, to instantiateobjects based on the class definitions and automatically grant the oneor more tenants access to the service.

Computing Systems

Systems depicted in some of the figures may be provided in variousconfigurations. In some embodiments, the systems may be configured as adistributed system where one or more components of the system aredistributed across one or more networks in a cloud computing system.

FIG. 12 depicts a simplified diagram of a distributed system 1200 forimplementing one of the embodiments. In the illustrated embodiment,distributed system 1200 includes one or more client computing devices1202, 1204, 1206, and 1208, which are configured to execute and operatea client application such as a web browser, proprietary client (e.g.,Oracle Forms), or the like over one or more network(s) 1210. Server 1212may be communicatively coupled with remote client computing devices1202, 1204, 1206, and 1208 via network 1210.

In various embodiments, server 1212 may be adapted to run one or moreservices or software applications provided by one or more of thecomponents of the system. In some embodiments, these services may beoffered as web-based or cloud services or under a Software as a Service(SaaS) model to the users of client computing devices 1202, 1204, 1206,and/or 1208. Users operating client computing devices 1202, 1204, 1206,and/or 1208 may in turn utilize one or more client applications tointeract with server 1212 to utilize the services provided by thesecomponents.

In the configuration depicted in the figure, the software components1218, 1220 and 1222 of system 1200 are shown as being implemented onserver 1212. In other embodiments, one or more of the components ofsystem 1200 and/or the services provided by these components may also beimplemented by one or more of the client computing devices 1202, 1204,1206, and/or 1208. Users operating the client computing devices may thenutilize one or more client applications to use the services provided bythese components. These components may be implemented in hardware,firmware, software, or combinations thereof. It should be appreciatedthat various different system configurations are possible, which may bedifferent from distributed system 1200. The embodiment shown in thefigure is thus one example of a distributed system for implementing anembodiment system and is not intended to be limiting.

Client computing devices 1202, 1204, 1206, and/or 1208 may be portablehandheld devices (e.g., an iPhone® cellular telephone, an iPad®computing tablet, a personal digital assistant (PDA)) or wearabledevices (e.g., a Google Glass® head mounted display), running softwaresuch as Microsoft Windows Mobile®, and/or a variety of mobile operatingsystems such as iOS, Windows Phone, Android, BlackBerry 10, Palm OS, andthe like, and being Internet, e-mail, short message service (SMS),Blackberry®, or other communication protocol enabled. The clientcomputing devices can be general purpose personal computers including,by way of example, personal computers and/or laptop computers runningvarious versions of Microsoft Windows®, Apple Macintosh®, and/or Linuxoperating systems. The client computing devices can be workstationcomputers running any of a variety of commercially-available UNIX® orUNIX-like operating systems, including without limitation the variety ofGNU/Linux operating systems, such as for example, Google Chrome OS.Alternatively, or in addition, client computing devices 1202, 1204,1206, and 1208 may be any other electronic device, such as a thin-clientcomputer, an Internet-enabled gaming system (e.g., a Microsoft Xbox®gaming console with or without a Kinect® gesture input device), and/or apersonal messaging device, capable of communicating over network(s)1210.

Although exemplary distributed system 1200 is shown with four clientcomputing devices, any number of client computing devices may besupported. Other devices, such as devices with sensors, etc., mayinteract with server 1212.

Network(s) 1210 in distributed system 1200 may be any type of networkfamiliar to those skilled in the art that can support datacommunications using any of a variety of commercially-availableprotocols, including without limitation TCP/IP (transmission controlprotocol/Internet protocol), SNA (systems network architecture), IPX(Internet packet exchange), AppleTalk, and the like. Merely by way ofexample, network(s) 1210 can be a local area network (LAN), such as onebased on Ethernet, Token-Ring and/or the like. Network(s) 1210 can be awide-area network and the Internet. It can include a virtual network,including without limitation a virtual private network (VPN), anintranet, an extranet, a public switched telephone network (PSTN), aninfra-red network, a wireless network (e.g., a network operating underany of the Institute of Electrical and Electronics (IEEE) 802.11 suiteof protocols, Bluetooth®, and/or any other wireless protocol); and/orany combination of these and/or other networks.

Server 1212 may be composed of one or more general purpose computers,specialized server computers (including, by way of example, PC (personalcomputer) servers, UNIX® servers, mid-range servers, mainframecomputers, rack-mounted servers, etc.), server farms, server clusters,or any other appropriate arrangement and/or combination. In variousembodiments, server 1212 may be adapted to run one or more services orsoftware applications described in the foregoing disclosure. Forexample, server 1212 may correspond to a server for performingprocessing described above according to an embodiment of the presentdisclosure.

Server 1212 may run an operating system including any of those discussedabove, as well as any commercially available server operating system.Server 1212 may also run any of a variety of additional serverapplications and/or mid-tier applications, including HTTP (hypertexttransport protocol) servers, FTP (file transfer protocol) servers, CGI(common gateway interface) servers, JAVA® servers, database servers, andthe like. Exemplary database servers include without limitation thosecommercially available from Oracle, Microsoft, Sybase, IBM(International Business Machines), and the like.

In some implementations, server 1212 may include one or moreapplications to analyze and consolidate data feeds and/or event updatesreceived from users of client computing devices 1202, 1204, 1206, and1208. As an example, data feeds and/or event updates may include, butare not limited to, Twitter® feeds, Facebook® updates or real-timeupdates received from one or more third party information sources andcontinuous data streams, which may include real-time events related tosensor data applications, financial tickers, network performancemeasuring tools (e.g., network monitoring and traffic managementapplications), clickstream analysis tools, automobile trafficmonitoring, and the like. Server 1212 may also include one or moreapplications to display the data feeds and/or real-time events via oneor more display devices of client computing devices 1202, 1204, 1206,and 1208.

Distributed system 1200 may also include one or more databases 1214 and1216. Databases 1214 and 1216 may reside in a variety of locations. Byway of example, one or more of databases 1214 and 1216 may reside on anon-transitory storage medium local to (and/or resident in) server 1212.Alternatively, databases 1214 and 1216 may be remote from server 1212and in communication with server 1212 via a network-based or dedicatedconnection. In one set of embodiments, databases 1214 and 1216 mayreside in a storage-area network (SAN). Similarly, any necessary filesfor performing the functions attributed to server 1212 may be storedlocally on server 1212 and/or remotely, as appropriate. In one set ofembodiments, databases 1214 and 1216 may include relational databases,such as databases provided by Oracle, that are adapted to store, update,and retrieve data in response to SQL-formatted commands.

FIG. 13 is a simplified block diagram of one or more components of asystem environment 1300 by which services provided by one or morecomponents of an embodiment system may be offered as cloud services, inaccordance with an embodiment of the present disclosure. In theillustrated embodiment, system environment 1300 includes one or moreclient computing devices 1304, 1306, and 1308 that may be used by usersto interact with a cloud infrastructure system 1302 that provides cloudservices. The client computing devices may be configured to operate aclient application such as a web browser, a proprietary clientapplication (e.g., Oracle Forms), or some other application, which maybe used by a user of the client computing device to interact with cloudinfrastructure system 1302 to use services provided by cloudinfrastructure system 1302.

It should be appreciated that cloud infrastructure system 1302 depictedin the figure may have other components than those depicted. Further,the embodiment shown in the figure is only one example of a cloudinfrastructure system that may incorporate an embodiment of theinvention. In some other embodiments, cloud infrastructure system 1302may have more or fewer components than shown in the figure, may combinetwo or more components, or may have a different configuration orarrangement of components.

Client computing devices 1304, 1306, and 1308 may be devices similar tothose described above for 1202, 1204, 1206, and 1208.

Although exemplary system environment 1300 is shown with three clientcomputing devices, any number of client computing devices may besupported. Other devices such as devices with sensors, etc. may interactwith cloud infrastructure system 1302.

Network(s) 1310 may facilitate communications and exchange of databetween clients 1304, 1306, and 1308 and cloud infrastructure system1302. Each network may be any type of network familiar to those skilledin the art that can support data communications using any of a varietyof commercially-available protocols, including those described above fornetwork(s) 1210.

Cloud infrastructure system 1302 may comprise one or more computersand/or servers that may include those described above for server 1212.

In certain embodiments, services provided by the cloud infrastructuresystem may include a host of services that are made available to usersof the cloud infrastructure system on demand, such as online datastorage and backup solutions, Web-based e-mail services, hosted officesuites and document collaboration services, database processing, managedtechnical support services, and the like. Services provided by the cloudinfrastructure system can dynamically scale to meet the needs of itsusers. A specific instantiation of a service provided by cloudinfrastructure system is referred to herein as a “service instance.” Ingeneral, any service made available to a user via a communicationnetwork, such as the Internet, from a cloud service provider's system isreferred to as a “cloud service.” Typically, in a public cloudenvironment, servers and systems that make up the cloud serviceprovider's system are different from the customer's own on-premisesservers and systems. For example, a cloud service provider's system mayhost an application, and a user may, via a communication network such asthe Internet, on demand, order and use the application.

In some examples, a service in a computer network cloud infrastructuremay include protected computer network access to storage, a hosteddatabase, a hosted web server, a software application, or other serviceprovided by a cloud vendor to a user, or as otherwise known in the art.For example, a service can include password-protected access to remotestorage on the cloud through the Internet. As another example, a servicecan include a web service-based hosted relational database and ascript-language middleware engine for private use by a networkeddeveloper. As another example, a service can include access to an emailsoftware application hosted on a cloud vendor's web site.

In certain embodiments, cloud infrastructure system 1302 may include asuite of applications, middleware, and database service offerings thatare delivered to a customer in a self-service, subscription-based,elastically scalable, reliable, highly available, and secure manner. Anexample of such a cloud infrastructure system is the Oracle Public Cloudprovided by the present assignee.

In various embodiments, cloud infrastructure system 1302 may be adaptedto automatically provision, manage and track a customer's subscriptionto services offered by cloud infrastructure system 1302. Cloudinfrastructure system 1302 may provide the cloud services via differentdeployment models. For example, services may be provided under a publiccloud model in which cloud infrastructure system 1302 is owned by anorganization selling cloud services (e.g., owned by Oracle) and theservices are made available to the general public or different industryenterprises. As another example, services may be provided under aprivate cloud model in which cloud infrastructure system 1302 isoperated solely for a single organization and may provide services forone or more entities within the organization. The cloud services mayalso be provided under a community cloud model in which cloudinfrastructure system 1302 and the services provided by cloudinfrastructure system 1302 are shared by several organizations in arelated community. The cloud services may also be provided under ahybrid cloud model, which is a combination of two or more differentmodels.

In some embodiments, the services provided by cloud infrastructuresystem 1302 may include one or more services provided under Software asa Service (SaaS) category, Platform as a Service (PaaS) category,Infrastructure as a Service (IaaS) category, or other categories ofservices including hybrid services. A customer, via a subscriptionorder, may order one or more services provided by cloud infrastructuresystem 1302. Cloud infrastructure system 1302 then performs processingto provide the services in the customer's subscription order.

In some embodiments, the services provided by cloud infrastructuresystem 1302 may include, without limitation, application services,platform services and infrastructure services. In some examples,application services may be provided by the cloud infrastructure systemvia a SaaS platform. The SaaS platform may be configured to providecloud services that fall under the SaaS category. For example, the SaaSplatform may provide capabilities to build and deliver a suite ofon-demand applications on an integrated development and deploymentplatform. The SaaS platform may manage and control the underlyingsoftware and infrastructure for providing the SaaS services. Byutilizing the services provided by the SaaS platform, customers canutilize applications executing on the cloud infrastructure system.Customers can acquire the application services without the need forcustomers to purchase separate licenses and support. Various differentSaaS services may be provided. Examples include, without limitation,services that provide solutions for sales performance management,enterprise integration, and business flexibility for largeorganizations.

In some embodiments, platform services may be provided by the cloudinfrastructure system via a PaaS platform. The PaaS platform may beconfigured to provide cloud services that fall under the PaaS category.Examples of platform services may include without limitation servicesthat enable organizations (such as Oracle) to consolidate existingapplications on a shared, common architecture, as well as the ability tobuild new applications that leverage the shared services provided by theplatform. The PaaS platform may manage and control the underlyingsoftware and infrastructure for providing the PaaS services. Customerscan acquire the PaaS services provided by the cloud infrastructuresystem without the need for customers to purchase separate licenses andsupport. Examples of platform services include, without limitation,Oracle Java Cloud Service (JCS), Oracle Database Cloud Service (DBCS),and others.

By utilizing the services provided by the PaaS platform, customers canemploy programming languages and tools supported by the cloudinfrastructure system and also control the deployed services. In someembodiments, platform services provided by the cloud infrastructuresystem may include database cloud services, middleware cloud services(e.g., Oracle Fusion Middleware services), and Java cloud services. Inone embodiment, database cloud services may support shared servicedeployment models that enable organizations to pool database resourcesand offer customers a Database as a Service in the form of a databasecloud. Middleware cloud services may provide a platform for customers todevelop and deploy various business applications, and Java cloudservices may provide a platform for customers to deploy Javaapplications, in the cloud infrastructure system.

Various different infrastructure services may be provided by an IaaSplatform in the cloud infrastructure system. The infrastructure servicesfacilitate the management and control of the underlying computingresources, such as storage, networks, and other fundamental computingresources for customers utilizing services provided by the SaaS platformand the PaaS platform.

In certain embodiments, cloud infrastructure system 1302 may alsoinclude infrastructure resources 1330 for providing the resources usedto provide various services to customers of the cloud infrastructuresystem. In one embodiment, infrastructure resources 1330 may includepre-integrated and optimized combinations of hardware, such as servers,storage, and networking resources to execute the services provided bythe PaaS platform and the SaaS platform.

In some embodiments, resources in cloud infrastructure system 1302 maybe shared by multiple users and dynamically re-allocated per demand.Additionally, resources may be allocated to users in different timezones. For example, cloud infrastructure system 1330 may enable a firstset of users in a first time zone to utilize resources of the cloudinfrastructure system for a specified number of hours and then enablethe re-allocation of the same resources to another set of users locatedin a different time zone, thereby maximizing the utilization ofresources.

In certain embodiments, a number of internal shared services 1332 may beprovided that are shared by different components or modules of cloudinfrastructure system 1302 and by the services provided by cloudinfrastructure system 1302. These internal shared services may include,without limitation, a security and identity service, an integrationservice, an enterprise repository service, an enterprise managerservice, a virus scanning and white list service, a high availability,backup and recovery service, service for enabling cloud support, anemail service, a notification service, a file transfer service, and thelike.

In certain embodiments, cloud infrastructure system 1302 may providecomprehensive management of cloud services (e.g., SaaS, PaaS, and IaaSservices) in the cloud infrastructure system. In one embodiment, cloudmanagement functionality may include capabilities for provisioning,managing and tracking a customer's subscription received by cloudinfrastructure system 1302, and the like.

In one embodiment, as depicted in the figure, cloud managementfunctionality may be provided by one or more modules, such as an ordermanagement module 1320, an order orchestration module 1322, an orderprovisioning module 1324, an order management and monitoring module1326, and an identity management module 1328. These modules may includeor be provided using one or more computers and/or servers, which may begeneral purpose computers, specialized server computers, server farms,server clusters, or any other appropriate arrangement and/orcombination.

In exemplary operation 1334, a customer using a client device, such asclient device 1304, 1306 or 1308, may interact with cloud infrastructuresystem 1302 by requesting one or more services provided by cloudinfrastructure system 1302 and placing an order for a subscription forone or more services offered by cloud infrastructure system 1302. Incertain embodiments, the customer may access a cloud User Interface(UI), cloud UI 1312, cloud UI 1314 and/or cloud UI 1316 and place asubscription order via these UIs. The order information received bycloud infrastructure system 1302 in response to the customer placing anorder may include information identifying the customer and one or moreservices offered by the cloud infrastructure system 1302 that thecustomer intends to subscribe to.

After an order has been placed by the customer, the order information isreceived via the cloud UIs, 1312, 1314 and/or 1316.

At operation 1336, the order is stored in order database 1318. Orderdatabase 1318 can be one of several databases operated by cloudinfrastructure system 1318 and operated in conjunction with other systemelements.

At operation 1338, the order information is forwarded to an ordermanagement module 1320. In some instances, order management module 1320may be configured to perform billing and accounting functions related tothe order, such as verifying the order, and upon verification, bookingthe order.

At operation 1340, information regarding the order is communicated to anorder orchestration module 1322. Order orchestration module 1322 mayutilize the order information to orchestrate the provisioning ofservices and resources for the order placed by the customer. In someinstances, order orchestration module 1322 may orchestrate theprovisioning of resources to support the subscribed services using theservices of order provisioning module 1324.

In certain embodiments, order orchestration module 1322 enables themanagement of business processes associated with each order and appliesbusiness logic to determine whether an order should proceed toprovisioning. At operation 1342, upon receiving an order for a newsubscription, order orchestration module 1322 sends a request to orderprovisioning module 1324 to allocate resources and configure thoseresources needed to fulfill the subscription order. Order provisioningmodule 1324 enables the allocation of resources for the services orderedby the customer. Order provisioning module 1324 provides a level ofabstraction between the cloud services provided by cloud infrastructuresystem 1300 and the physical implementation layer that is used toprovision the resources for providing the requested services. Orderorchestration module 1322 may thus be isolated from implementationdetails, such as whether or not services and resources are actuallyprovisioned on the fly or pre-provisioned and only allocated/assignedupon request.

At operation 1344, once the services and resources are provisioned, anotification of the provided service may be sent to customers on clientdevices 1304, 1306 and/or 1308 by order provisioning module 1324 ofcloud infrastructure system 1302.

At operation 1346, the customer's subscription order may be managed andtracked by an order management and monitoring module 1326. In someinstances, order management and monitoring module 1326 may be configuredto collect usage statistics for the services in the subscription order,such as the amount of storage used, the amount data transferred, thenumber of users, and the amount of system up time and system down time.

In certain embodiments, cloud infrastructure system 1300 may include anidentity management module 1328. Identity management module 1328 may beconfigured to provide identity services, such as access management andauthorization services in cloud infrastructure system 1300. In someembodiments, identity management module 1328 may control informationabout customers who wish to utilize the services provided by cloudinfrastructure system 1302. Such information can include informationthat authenticates the identities of such customers and information thatdescribes which actions those customers are authorized to performrelative to various system resources (e.g., files, directories,applications, communication ports, memory segments, etc.) Identitymanagement module 1328 may also include the management of descriptiveinformation about each customer and about how and by whom thatdescriptive information can be accessed and modified.

FIG. 14 illustrates an exemplary computer system 1400, in which variousembodiments of the present invention may be implemented. The system 1400may be used to implement any of the computer systems described above. Asshown in the figure, computer system 1400 includes a processing unit1404 that communicates with a number of peripheral subsystems via a bussubsystem 1402. These peripheral subsystems may include a processingacceleration unit 1406, an I/O subsystem 1408, a storage subsystem 1418and a communications subsystem 1424. Storage subsystem 1418 includestangible computer-readable storage media 1422 and a system memory 1410.

Bus subsystem 1402 provides a mechanism for letting the variouscomponents and subsystems of computer system 1400 communicate with eachother as intended. Although bus subsystem 1402 is shown schematically asa single bus, alternative embodiments of the bus subsystem may utilizemultiple buses. Bus subsystem 1402 may be any of several types of busstructures including a memory bus or memory controller, a peripheralbus, and a local bus using any of a variety of bus architectures. Forexample, such architectures may include an Industry StandardArchitecture (ISA) bus, Micro Channel Architecture (MCA) bus, EnhancedISA (EISA) bus, Video Electronics Standards Association (VESA) localbus, and Peripheral Component Interconnect (PCI) bus, which can beimplemented as a Mezzanine bus manufactured to the IEEE P1486.1standard.

Processing unit 1404, which can be implemented as one or more integratedcircuits (e.g., a conventional microprocessor or microcontroller),controls the operation of computer system 1400. One or more processorsmay be included in processing unit 1404. These processors may includesingle core or multicore processors. In certain embodiments, processingunit 1404 may be implemented as one or more independent processing units1432 and/or 1434 with single or multicore processors included in eachprocessing unit. In other embodiments, processing unit 1404 may also beimplemented as a quad-core processing unit formed by integrating twodual-core processors into a single chip.

In various embodiments, processing unit 1404 can execute a variety ofprograms in response to program code and can maintain multipleconcurrently executing programs or processes. At any given time, some orall of the program code to be executed can be resident in processor(s)1404 and/or in storage subsystem 1418. Through suitable programming,processor(s) 1404 can provide various functionalities described above.Computer system 1400 may additionally include a processing accelerationunit 1406, which can include a digital signal processor (DSP), aspecial-purpose processor, and/or the like.

I/O subsystem 1408 may include user interface input devices and userinterface output devices. User interface input devices may include akeyboard, pointing devices such as a mouse or trackball, a touchpad ortouch screen incorporated into a display, a scroll wheel, a click wheel,a dial, a button, a switch, a keypad, audio input devices with voicecommand recognition systems, microphones, and other types of inputdevices. User interface input devices may include, for example, motionsensing and/or gesture recognition devices such as the Microsoft Kinect®motion sensor that enables users to control and interact with an inputdevice, such as the Microsoft Xbox® 360 game controller, through anatural user interface using gestures and spoken commands. Userinterface input devices may also include eye gesture recognition devicessuch as the Google Glass® blink detector that detects eye activity(e.g., ‘blinking’ while taking pictures and/or making a menu selection)from users and transforms the eye gestures as input into an input device(e.g., Google Glass®). Additionally, user interface input devices mayinclude voice recognition sensing devices that enable users to interactwith voice recognition systems (e.g., Siri® navigator), through voicecommands.

User interface input devices may also include, without limitation, threedimensional (3D) mice, joysticks or pointing sticks, gamepads andgraphic tablets, and audio/visual devices such as speakers, digitalcameras, digital camcorders, portable media players, webcams, imagescanners, fingerprint scanners, barcode reader 3D scanners, 3D printers,laser rangefinders, and eye gaze tracking devices. Additionally, userinterface input devices may include, for example, medical imaging inputdevices such as computed tomography, magnetic resonance imaging,position emission tomography, medical ultrasonography devices. Userinterface input devices may also include, for example, audio inputdevices such as MIDI keyboards, digital musical instruments and thelike.

User interface output devices may include a display subsystem, indicatorlights, or non-visual displays such as audio output devices, etc. Thedisplay subsystem may be a cathode ray tube (CRT), a flat-panel device,such as that using a liquid crystal display (LCD) or plasma display, aprojection device, a touch screen, and the like. In general, use of theterm “output device” is intended to include all possible types ofdevices and mechanisms for outputting information from computer system1400 to a user or other computer. For example, user interface outputdevices may include, without limitation, a variety of display devicesthat visually convey text, graphics and audio/video information such asmonitors, printers, speakers, headphones, automotive navigation systems,plotters, voice output devices, and modems.

Computer system 1400 may comprise a storage subsystem 1418 thatcomprises software elements, shown as being currently located within asystem memory 1410. System memory 1410 may store program instructionsthat are loadable and executable on processing unit 1404, as well asdata generated during the execution of these programs.

Depending on the configuration and type of computer system 1400, systemmemory 1410 may be volatile (such as random access memory (RAM)) and/ornon-volatile (such as read-only memory (ROM), flash memory, etc.) TheRAM typically contains data and/or program modules that are immediatelyaccessible to and/or presently being operated and executed by processingunit 1404. In some implementations, system memory 1410 may includemultiple different types of memory, such as static random access memory(SRAM) or dynamic random access memory (DRAM). In some implementations,a basic input/output system (BIOS), containing the basic routines thathelp to transfer information between elements within computer system1400, such as during start-up, may typically be stored in the ROM. Byway of example, and not limitation, system memory 1410 also illustratesapplication programs 1412, which may include client applications, Webbrowsers, mid-tier applications, relational database management systems(RDBMS), etc., program data 1414, and an operating system 1416. By wayof example, operating system 1416 may include various versions ofMicrosoft Windows®, Apple Macintosh®, and/or Linux operating systems, avariety of commercially-available UNIX® or UNIX-like operating systems(including without limitation the variety of GNU/Linux operatingsystems, the Google Chrome® OS, and the like) and/or mobile operatingsystems such as iOS, Windows® Phone, Android® OS, BlackBerry® 10 OS, andPalm® OS operating systems.

Storage subsystem 1418 may also provide a tangible computer-readablestorage medium for storing the basic programming and data constructsthat provide the functionality of some embodiments. Software (programs,code modules, instructions) that when executed by a processor providethe functionality described above may be stored in storage subsystem1418. These software modules or instructions may be executed byprocessing unit 1404. Storage subsystem 1418 may also provide arepository for storing data used in accordance with the presentinvention.

Storage subsystem 1400 may also include a computer-readable storagemedia reader 1420 that can further be connected to computer-readablestorage media 1422. Together and, optionally, in combination with systemmemory 1410, computer-readable storage media 1422 may comprehensivelyrepresent remote, local, fixed, and/or removable storage devices plusstorage media for temporarily and/or more permanently containing,storing, transmitting, and retrieving computer-readable information.

Computer-readable storage media 1422 containing code, or portions ofcode, can also include any appropriate media known or used in the art,including storage media and communication media, such as but not limitedto, volatile and non-volatile, removable and non-removable mediaimplemented in any method or technology for storage and/or transmissionof information. This can include tangible computer-readable storagemedia such as RAM, ROM, electronically erasable programmable ROM(EEPROM), flash memory or other memory technology, CD-ROM, digitalversatile disk (DVD), or other optical storage, magnetic cassettes,magnetic tape, magnetic disk storage or other magnetic storage devices,or other tangible computer readable media. This can also includenontangible computer-readable media, such as data signals, datatransmissions, or any other medium which can be used to transmit thedesired information and which can be accessed by computing system 1400.

By way of example, computer-readable storage media 1422 may include ahard disk drive that reads from or writes to non-removable, nonvolatilemagnetic media, a magnetic disk drive that reads from or writes to aremovable, nonvolatile magnetic disk, and an optical disk drive thatreads from or writes to a removable, nonvolatile optical disk such as aCD ROM, DVD, and Blu-Ray® disk, or other optical media.Computer-readable storage media 1422 may include, but is not limited to,Zip® drives, flash memory cards, universal serial bus (USB) flashdrives, secure digital (SD) cards, DVD disks, digital video tape, andthe like. Computer-readable storage media 1422 may also include,solid-state drives (SSD) based on non-volatile memory such asflash-memory based SSDs, enterprise flash drives, solid state ROM, andthe like, SSDs based on volatile memory such as solid state RAM, dynamicRAM, static RAM, DRAM-based SSDs, magnetoresistive RAM (MRAM) SSDs, andhybrid SSDs that use a combination of DRAM and flash memory based SSDs.The disk drives and their associated computer-readable media may providenon-volatile storage of computer-readable instructions, data structures,program modules, and other data for computer system 1400.

Communications subsystem 1424 provides an interface to other computersystems and networks. Communications subsystem 1424 serves as aninterface for receiving data from and transmitting data to other systemsfrom computer system 1400. For example, communications subsystem 1424may enable computer system 1400 to connect to one or more devices viathe Internet. In some embodiments communications subsystem 1424 caninclude radio frequency (RF) transceiver components for accessingwireless voice and/or data networks (e.g., using cellular telephonetechnology, advanced data network technology, such as 3G, 4G or EDGE(enhanced data rates for global evolution), WiFi (IEEE 802.11 familystandards, or other mobile communication technologies, or anycombination thereof), global positioning system (GPS) receivercomponents, and/or other components. In some embodiments communicationssubsystem 1424 can provide wired network connectivity (e.g., Ethernet)in addition to or instead of a wireless interface.

In some embodiments, communications subsystem 1424 may also receiveinput communication in the form of structured and/or unstructured datafeeds 1426, event streams 1428, event updates 1430, and the like onbehalf of one or more users who may use computer system 1400.

By way of example, communications subsystem 1424 may be configured toreceive data feeds 1426 in real-time from users of social networksand/or other communication services such as Twitter® feeds, Facebook®updates, web feeds such as Rich Site Summary (RSS) feeds, and/orreal-time updates from one or more third party information sources.

Additionally, communications subsystem 1424 may also be configured toreceive data in the form of continuous data streams, which may includeevent streams 1428 of real-time events and/or event updates 1430, thatmay be continuous or unbounded in nature with no explicit end. Examplesof applications that generate continuous data may include, for example,sensor data applications, financial tickers, network performancemeasuring tools (e.g. network monitoring and traffic managementapplications), clickstream analysis tools, automobile trafficmonitoring, and the like.

Communications subsystem 1424 may also be configured to output thestructured and/or unstructured data feeds 1426, event streams 1428,event updates 1430, and the like to one or more databases that may be incommunication with one or more streaming data source computers coupledto computer system 1400.

Computer system 1400 can be one of various types, including a handheldportable device (e.g., an iPhone® cellular phone, an iPad® computingtablet, a PDA), a wearable device (e.g., a Google Glass® head mounteddisplay), a PC, a workstation, a mainframe, a kiosk, a server rack, orany other data processing system.

Due to the ever-changing nature of computers and networks, thedescription of computer system 1400 depicted in the figure is intendedonly as a specific example. Many other configurations having more orfewer components than the system depicted in the figure are possible.For example, customized hardware might also be used and/or particularelements might be implemented in hardware, firmware, software (includingapplets), or a combination. Further, connection to other computingdevices, such as network input/output devices, may be employed. Based onthe disclosure and teachings provided herein, a person of ordinary skillin the art will appreciate other ways and/or methods to implement thevarious embodiments.

In the foregoing specification, aspects of the invention are describedwith reference to specific embodiments thereof, but those skilled in theart will recognize that the invention is not limited thereto. Variousfeatures and aspects of the above-described invention may be usedindividually or jointly. Further, embodiments can be utilized in anynumber of environments and applications beyond those described hereinwithout departing from the broader spirit and scope of thespecification. The specification and drawings are, accordingly, to beregarded as illustrative rather than restrictive.

What is claimed is:
 1. A method to allow third-party developers toenforce tenant access to their features in a multi-tenant cloudenvironment, the method comprising: delivering, to a third-partydeveloper, a copy of a config file that is compatible with a fileschema, the file schema defining an element, child element, andattribute; receiving, from the third-party developer, an archive fileincluding a delta file created from the third-party developer editingthe copy of the config file, the delta file including one or moreconfigurations for class definitions for a feature of a service on amulti-tenant cloud environment, the delta file including a tenant accesslist rule for the feature, the delta file being compatible with the fileschema; merging, in a multi-tenant cloud environment using at least oneprocessor operatively coupled with a memory, the delta file with theconfig file to create an executable code config file having the servicefeature and tenant access list rule, the executable code config filebeing compatible with the file schema; instantiating objects for theservice feature based on the executable code config file; grantingaccess to the service feature for a tenant in accordance with the tenantaccess list rule in the executable code config file.
 2. The method ofclaim 1 further comprising: blocking access to the service feature for atenant in accordance with the service access rule in the executable codeconfig file.
 3. The method of claim 2 wherein the blocking is inaccordance with a number-of-seats maximum in the tenant access list. 4.The method of claim 1 further comprising: incrementing a counter in themulti-tenant cloud environment based upon the granting of access.
 5. Themethod of claim 1 further comprising: automatically transferring moneybetween accounts based on the granting of access.
 6. The method of claim1 further comprising: automatically sending a message to the third-partydeveloper based on the granting of access.
 7. The method of claim 1wherein the message includes an email, instant message, online post,short message service (SMS) text message, or multimedia messagingservice (MMS) message.
 8. The method of claim 1 further comprising:automatically sending a message to a tenant based on the instantiatingof objects, advising of an update to the service.
 9. The method of claim1 further comprising: creating the delta file by tracking changes to thecopy of the config file.
 10. The method of claim 1 further comprising:creating the delta file by comparing a the copy of the config file tothe edited copy of the config file.
 11. The method of claim 1 whereinthe delivered copy of the config file has no child elements.
 12. Themethod of claim 1 wherein the archive is a MAR file.
 13. The method ofclaim 1 wherein merging the delta file with the config file includesmerging a layered customization MAR file with a configuration file. 14.The method of claim 1 wherein the config file schema includes anextensible markup language (XML) schema.
 15. The method of claim 1wherein the empty copy of the config file is in an ADF library jar file.16. The method of claim 1 wherein the service includes a Java service.17. A machine-readable tangible medium embodying information indicativeof instructions for causing one or more machines to perform theoperations of claim
 1. 18. A computer system executing instructions, thesystem comprising: at least one processor; a memory operatively coupledwith the at least one processor, the processor executing computer codestored in the memory for performing the operations of claim
 1. 19. Amethod to allow third-party developers to enforce tenant access to theirfeatures in a multi-tenant cloud environment, the method comprising:receiving a copy of a config file, the config file being compatible withan extensible markup language (XML) file schema that defines an element,child element, and attribute; editing the copy of the config file to addconfigurations for class definitions for a feature of a service in amulti-tenant cloud environment; editing the copy of the config file tolist one or more tenant rules authorizing access to the service;packaging the edited copy of the config file in a metadata archive (MAR)file; delivering the MAR file to the multi-tenant cloud environment;triggering, using at least one processor operatively coupled with amemory, the multi-tenant cloud environment to instantiate objects basedon the class definitions and automatically grant the one or more tenantsaccess to the service.
 20. The method of claim 19 wherein the packagingincludes packaging the edited copy of the config file in a MAR filealong with a shared library of class files.